Certificate for SSL/TLS via domain ownership

If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. You can use Self-sign certificate but your browser will present a warning and some https-only features might not work.

Requirement for this guide

Your Home Assistant instance is not exposed to the internet. If it is - use this guide

You control a public domain name. The domain doesn’t have to point to a site. A domain controlled by a trusted friend will do. (A friend you trust not to MITM you)

Please deploy a DNS TXT record under the name
_acme-challenge.mydomain.com with the following value:
deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue

Deploy the value to TXT field using your domain registrar.

Go to a site that queries domain record. For example this one and look if it sees your brand new TXT field (Don’t forget to enter the full domain: _acme-challenge.mydomain.com)

Press Enter at certbot prompt.

Make mydomain.com point to your Home Assistant instance

If your router uses DNSMasq (for example DDWRT) add the following line to DNSMasq options: